Motive of hackers financial, not ideological says Facebook

20 October 2018

Facebook isn't denying the Journal's report, but has remained mum on who pulled off the attack, citing the FBI's involvement in the case. Facebook has yet to officially identify who's behind the hack, with the company's VP of product management Guy Rosen telling reporters last week that it was following requests from law enforcement. As such, there could still potentially be some sort of state-sponsored entity behind last month's attack.

It is the first time that something comes out about the origin of the hack. Last week, Facebook disclosed that the mysterious attackers were focused on accessing the contact information from close to 30 million users affected in the attack.

Facebook's security team has been investigating the incident since September 25, when it discovered that someone was downloading a large quantity of digital access tokens on the social network. When a member of a group Messenger was also the administrator of a page on Facebook, a message sent by a user of Facebook became accessible to hackers.

Indeed, on Friday, Facebook revised its estimate of the number of breach victims downward.

Twenty million fewer accounts were breached than originally thought - 30 million instead of 50 million - but attackers made off with sensitive personal information from almost half of those users that could put them at serious risk, including phone number and email address, recent searches on Facebook, location history and the types of devices people used to access the service, the company told users last week.

There are new details on the recent Facebook hack that impacted 30 million accounts. As an extra safeguard, it invalidated tokens for all 90 million - requiring users to log back in to Facebook online or on their mobile device - that had ever used the "view as" feature. For the set of 29 million accounts, the hackers - whose identity and origin were not revealed until now - have entered the user name, email address and/or phone number if it was specified in their profile. By gaining access to accounts, advertisers can manipulate the way their ads are seen - who by, how often etc and the yield from this manipulative analytics can prove phenomenal.